Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Cybercriminals combine voice phishing and OTP grabbers to steal more data: Report

    September 25, 2023

    UK bolts US ‘data bridge’ deal onto EU-US Data Privacy Framework

    September 22, 2023

    Microsoft Employee Accidentally Exposes 38 Terabytes of Private Data: Report

    September 21, 2023
    Facebook Twitter Instagram
    Your Infotech
    • Data

      Cybercriminals combine voice phishing and OTP grabbers to steal more data: Report

      September 25, 2023

      UK bolts US ‘data bridge’ deal onto EU-US Data Privacy Framework

      September 22, 2023

      Microsoft Employee Accidentally Exposes 38 Terabytes of Private Data: Report

      September 21, 2023

      Sea of data or data you can see?

      September 15, 2023

      Chandrayaan missions providing unmatched data for global scientific community: Scientist Debiprosad Duari

      September 13, 2023
    • Cloud

      The risks of low-code and no-code development in cloud architecture

      September 20, 2023

      37 Signals says cloud repatriation plan has already saved it $1 million

      September 19, 2023

      Can multi-cloud lead to ‘multi’ loopholes in business enterprises?

      September 11, 2023

      Cloud first is dead—cloud smart is what’s happening now

      September 8, 2023

      How Do Health Tech and FinTech Benefit from Cloud Computing?

      September 5, 2023
    • Networking

      Enterprise DPU advances are spurred by AI, security, networking apps

      September 12, 2023

      Juniper Networks And Its Beyond Labs Vision

      September 1, 2023

      HPE Aruba Networking Product Vulnerabilities Allow File Overwrite

      August 18, 2023

      Extreme Networks is coming for Cisco, HPE market share

      August 9, 2023

      Flight to cloud drives IaaS networking adoption

      August 2, 2023
    • Virtualization

      Virtual Machines: An Introduction to the Different Types of Virtualization

      June 26, 2023

      Imagination and Telechips drive automotive display diversity with hardware virtualization

      March 16, 2023

      Device virtualization is key to IoT adoption

      March 3, 2023

      Discover how virtualization can transform your business with this online training

      February 7, 2023

      Server Virtualization Software Market Next Big Thing | Major Giants IBM, Oracle, Microsoft

      February 2, 2023
    • IT Infrastructure

      Unravelling the insecurity in our IT infrastructure

      July 26, 2023

      Networking for Practical
      Quantum Applications

      June 5, 2023

      TCS+ | The need for speed: Braintree’s Heath Huxtable on modern IT infrastructure

      March 13, 2023

      The race to net zero: Six ways to slash IT infrastructure emissions

      March 10, 2023

      Vertiv and TechAccess partner to boost African IT infrastructure solutions

      February 28, 2023
    Your Infotech
    Home»Virtualization»Intel boosts VM security, and guards against stack attacks in new Xeon release
    Virtualization

    Intel boosts VM security, and guards against stack attacks in new Xeon release

    yourinfotechBy yourinfotechJanuary 11, 2023Updated:January 11, 2023No Comments3 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp VKontakte Email
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Intel today announced the fourth generation of its Xeon server chipsets, detailing several new features under the company’s confidential computing security umbrella. The most notable upgrades were enhancements to Intel’s trusted execution environment and a new technique for combating jump- and return-oriented programming attacks.

    The fourth generation of Xeon processors introduces a number of new features across the board, including significant improvements to energy efficiency, AI processing, and edge workload handling, but virtual machine (VM) isolation technology and control flow enforcement are the security highlights. The former method provides hardware-level VM isolation without the need for hypervisor oversight — rather than a single app living inside a trusted environment, a whole VM can.

    There are numerous options, for trusted execution environments in other areas of the stack, but Intel fellow Amy Santoni, the company’s chief Xeon security architect, said that not all of them offer the same capabilities or meet the same standards.

    Intel aims to secure virtual environments
    “It depends on your goals for a trusted environment,” she said. “If you look at the cloud today, you can have multiple tenants running on the same hardware with virtualization technology, but in just a regular cloud environment, the hypervisor still has access to all those VM’s data if you allow them to —there’s nothing at a hardware level to prevent a VM from accessing data.”

    That isolation is provided via Intel’s Trust Domain Extensions framework, which already works with Azure, Google Cloud, Alibaba, and IBM — no timeline was provided for AWS integration at the time of this writing.

    Control flow enforcement is a feature that Intel has already implemented in its endpoint-focused Core line of processors, but is new to the Xeon family, aimed at stamping out a family of cyberattack techniques called return-oriented and jump-oriented programming. The idea with such attacks is to rearrange the order in which pieces of code are provided back to the application, for malicious purposes.

    “So I can take snippets of real, released code but I’m able to manipulate their order,” explained Santoni.

    Control flow enforcement, however, adds a secondary or “shadow stack” to the normal stack used to order the execution of instructions. It’s completely inaccessible to programmers, so, the idea goes, it can’t be manipulated by a bad actor. The order of instructions is compared to the “shadow stack,” which throws an error if they’re not in the correct sequence.

    Finally, Intel’s already-announced Project Amber is present in Xeon’s fourth generation. This is what the company describes as an out-of-station capability for its trusted execution environment, allowing users to validate that their workloads are running on Intel hardware, regardless of information provided by cloud service providers.

    “The idea is to provide customers the ability to validate the configuration of the environment they’re running in,” said Santoni. “It doesn’t mean that the CSPs don’t provide that, it’s an additional option — when you buy a used car from a dealer, you [still] might want to take it to an independent mechanic.”

    Share. Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp Email
    Previous ArticleCES 2023: How 5G Will Bring the Metaverse and Future Commerce Into Focus
    Next Article MAKING IT EASIER TO BREAK THE SONIC BARRIER FOR NETWORKING
    yourinfotech
    • Website

    Related Posts

    Virtual Machines: An Introduction to the Different Types of Virtualization

    June 26, 2023

    Imagination and Telechips drive automotive display diversity with hardware virtualization

    March 16, 2023

    Device virtualization is key to IoT adoption

    March 3, 2023

    Discover how virtualization can transform your business with this online training

    February 7, 2023

    Leave A Reply Cancel Reply

    Our Picks

    Subscribe to Updates

    Get the latest creative news from Your Infotech about Information Technology.

    About Us
    About Us

    We provide a wide range of customized, integrated B2B and B2C digital marketing services solutions that are ideal for your business.

    We're accepting new partnerships right now.

    Email Us: info@yourmartech.com
    Contact: +1-530-518-1420

    Our Brands
    • Your Martech
    • Your HR Tech
    • Your Fin Tech
    • Your Revenue
    • Your Bio Tech
    • Your POS Tech
    • Your Health Tech
    SUBSCRIBE NOW
    Loading
    LinkedIn
    • Privacy Policy
    © 2023 Vigarbiz Inc. Designed by Vigarbiz Media.

    Type above and press Enter to search. Press Esc to cancel.